Create a Trivy wrapper image
Proposal
We create a Trivy wrapper image that performs a scan based on the following user input:
- namespace to scan
- workload kinds to scan
- service name to send the resulting report to
This image will perform a scan, create a JSON report and send it over HTTP to an /upload endpoint in the GitLab agent.
The gitlab agent should have a node service where it can receive HTTP requests.
Ideally we will not write any application code for this. Everything can be done in a bash script that runs as the entrypoint of the Docker image.
We already have a Draft MR for this purpose.
Related Links
Implementation Plan
- Create a new repo for holding the Trivy wrapper image code.
- Follow these instructions for new repos.
- Write a Go app for the Trivy image that will do the following:
  - Receive as input the workloads and the endpoint.
  - Run the Trivy command from Go and generate the report.
  - Make an HTTP request and send the report. The TLS config should be configured to be insecure; at this stage we won't verify the receiver. (Note that skipping certificate verification means the wrapper cannot tell the agent apart from anything else answering on that address, so this setting is for the prototype only and must be replaced by proper verification before the image is used outside a development cluster.)
- Update the Docker image to build the Go app and copy the binary into the image.
- Create a .gitlab-ci.yml with jobs to lint the code, run unit tests if any, build the image, and push it.
- Make sure you have your first image created in the container registry.
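As an added illustration of the Go app described in the plan above (this is example code written for this page, not the project's own implementation or the Draft MR), the program below takes the namespace, workload kinds and endpoint as flags, shells out to `trivy k8s` to produce a JSON report, and POSTs it to the agent. The `trivy k8s` flag names, the `/upload` route and the flag names of the wrapper itself are assumptions; confirm the Trivy flags against `trivy k8s --help` for the pinned version. `sendReport` takes an explicit `skipVerify` switch so that the "insecure" TLS setting the plan calls for is a deliberate, visible choice rather than a hidden default.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"flag"
	"fmt"
	"net/http"
	"os"
	"os/exec"
	"strings"
	"time"
)

// ScanRequest is the user input the wrapper receives.
type ScanRequest struct {
	Namespace string   // namespace to scan
	Kinds     []string // workload kinds to scan, e.g. "deployments", "statefulsets"
	Endpoint  string   // full URL of the agent's /upload endpoint (assumed route)
}

// buildTrivyArgs turns the request into a `trivy k8s` invocation that writes a
// JSON report to reportPath. The flag names are an assumption about the pinned
// Trivy version; each workload kind is passed as a trailing resource argument.
func buildTrivyArgs(req ScanRequest, reportPath string) []string {
	args := []string{
		"k8s",
		"--namespace", req.Namespace,
		"--format", "json",
		"--report", "all",
		"--output", reportPath,
	}
	return append(args, req.Kinds...)
}

// runScan executes Trivy (assumed to be on PATH inside the image) and returns
// the JSON report it wrote.
func runScan(req ScanRequest, reportPath string) ([]byte, error) {
	cmd := exec.Command("trivy", buildTrivyArgs(req, reportPath)...)
	cmd.Stderr = os.Stderr // keep Trivy's progress output visible in the job log
	if err := cmd.Run(); err != nil {
		return nil, fmt.Errorf("trivy: %w", err)
	}
	return os.ReadFile(reportPath)
}

// sendReport POSTs the JSON report to endpoint and returns the HTTP status code.
// skipVerify=true is the plan's "insecure" TLS config: the server certificate is
// not checked, so the report would also be accepted by anyone who can sit on the
// path to the agent. Keep it false outside the prototype.
func sendReport(endpoint string, report []byte, skipVerify bool) (int, error) {
	client := &http.Client{
		Timeout: 30 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: skipVerify}, // #nosec G402: prototype only
		},
	}
	resp, err := client.Post(endpoint, "application/json", bytes.NewReader(report))
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	// Wrapper flag names are assumptions for this example.
	ns := flag.String("namespace", "default", "namespace to scan")
	kinds := flag.String("kinds", "deployments", "comma-separated workload kinds")
	endpoint := flag.String("endpoint", "", "agent /upload URL")
	insecure := flag.Bool("insecure", false, "skip TLS certificate verification (prototype only)")
	flag.Parse()

	req := ScanRequest{Namespace: *ns, Kinds: strings.Split(*kinds, ","), Endpoint: *endpoint}
	report, err := runScan(req, "/tmp/trivy-report.json")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	status, err := sendReport(req.Endpoint, report, *insecure)
	if err != nil {
		fmt.Fprintln(os.Stderr, "upload failed:", err)
		os.Exit(1)
	}
	fmt.Println("upload status:", status)
}
```

Inside the image this would run as `/trivy-wrapper -namespace payments -kinds deployments,statefulsets -endpoint https://agent.example/upload -insecure`. Because `skipVerify` is a parameter, the same `sendReport` can later be pointed at the agent with verification on, or with a custom CA pool in `tls.Config.RootCAs`, without touching the scan logic.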
Edited by Nick Ilieskou